My understanding is:
1.) Alice's phone falls into a river.
2.) Bob sends an encrypted message to Alice, which is not delivered, since the WhatsApp server can see that her phone is offline. The server waits for her phone to come back online, so that it can deliver the message.
3.) Alice buys a new phone (she keeps her old phone number), installs WhatsApp, registers the app with her phone number, and generates a new long term identity key pair.
4.) The WhatsApp server sees that a new device has been registered to Alice's phone number.
5.) The WhatsApp server tells Bob's phone that Alice has a new long term identity key pair.
6.) Bob's phone re-encrypts and re-transmits only the undelivered messages, which are delivered to Alice's new phone.
So, an attacker who can spoof Alice's phone number can read messages that were waiting to be delivered at the time when the attacker spoofs her phone number. There would only be undelivered messages on the server if Alice's phone is offline for some period of time, just prior to the attack.
This is not particularly useful for an attacker, as other, more qualified people, have already pointed out.
You also may want to read this analysis by Frederic Jacobs, who co-authored the first release of Signal's iOS client: